The Information Security Office at the University of Vermont is dedicated to protecting the university’s information assets’ confidentiality, integrity, and availability. We aim to foster a culture of security awareness and resilience and ensure the safe and secure pursuit of educational excellence, research innovation, and community engagement. Our office implements security practices, technologies, and policies to proactively identify and mitigate risks, ensure compliance, and provide leadership in incident response and recovery. We encourage collaboration, education, and continuous improvement in information security within our academic community.

Safeguard university’s digital and physical information landscape. Implement and manage the integration of cutting-edge security technologies and practices to support the Information Security Office’s mission. Identify and mitigate threats to the confidentiality, integrity, and availability of information within the university’s extensive information ecosystem. Lead critical information security projects, collaborates closely with the Information Security Officer, the Senior Information Security Analyst, and the technology infrastructure operations team. Act as a subject-matter expert; providee strategic guidance to various university groups and participates actively in the Cybersecurity Incident Response Team (CSIRT). Functional supervision over Information Security/Identity Management Analysts and student staff; report directly to the Information Security Officer (ISO).

Leverage comprehensive understanding of the university’s information ecosystem to detect and counteract security threats using ethical, systematic, and defensible methods. Exercise significant discretion and sound judgment in maintaining information security and privacy while also engaging in educational and security awareness initiatives across the university community.

Minimum Qualifications (or equivalent combination of education and experience)

– A Bachelor’s degree in a relevant field with at least two years of experience in information security, or five years of direct experience in information security.

– A minimum of two years in professional systems or network administration roles.

– Expert knowledge of the technical foundations of internet-connected enterprise services.

– At least two years of experience in one or more of the following areas: cybersecurity incident response, endpoint/network forensics, or continuous security monitoring.

– Exceptional customer service, communication, and interpersonal skills, with a proven ability to articulate security concepts and actions to both technical and non-technical audiences.

– Demonstrated ability in producing detailed procedural and incident documentation to support self-assessment and reporting efforts.

– Strong collaborative skills, with a history of working on cross-departmental projects in a team environment.

– Critical thinking, analytical, and decision-making abilities, with a talent for evaluating the risks and benefits of security measures.

Desirable Qualifications

– Demonstrated experience with the deployment and management of security technologies including NAC, SIEM, IDS/IPS, advanced endpoint detection and response (EDR), vulnerability management systems, encryption management, and identity management solutions.

– Master’s degree in a related field (Example: Information Technology, Information Security, Data Analytics, etc)

– Proficiency in orchestration/automation programming languages (e.g., Python, PowerShell, Go).

– Experience in securing hybrid cloud/on-premises environments and applying machine learning to security challenges.

– Skills in server, application, and database hardening.

– Basic forensic investigation experience.

– Network management experience, particularly with Cisco equipment.

– Possess one or more of the following certifications:

– Certified Information Systems Security Professional (CISSP)

– SANS GIAC Security Essentials (GSEC)

– Microsoft Azure Security Engineer: Associate

– Cisco Certified Network Professional (CCNP) – Security

– Other equivalent certifications will be considered on a case-by-case basis

– Prior experience within a higher education setting is an advantage.

– This role is designed for a proactive, security-minded professional eager to employ and expand their expertise in a vibrant educational setting.